MY KEY TAKEAWAYS
- Already 20 years ago, Kevin Mitnick testified before the US Senate and highlighted social engineering and the need for training. Still today, changing human behaviour is most often the weakest point.
- Threat actors have almost unlimited time to do extensive research before an attack, so they are extremely good at building the trust factor.
- Kevin recommends: trust your gut! If it sounds too good to be true, it possibly is.
- A crafty attacker tries to push the victim into system 1 thinking. Forcing yourself to remain in system 2 thinking is a very effective defense mechanism against social engineering.
- Trump being in hospital with COVID-19 created an information vacuum = working phish bait
- Common phishing tactic: link to trusted sources like Google Docs or O365. Document might contain hyperlink to malware.
- Having a good and tested(!) disaster recovery plan is crucial with more and more ransomware attacks
Demo time
- Demo of a bad USB cable attack
- Demo of a lot of phishing mail examples and red flags
- Demo of CVE-2020-1472 "Zerologon" :fearful:
ENV
- Provided by KnowBe4
- Presenter: Kevin Mitnick
- Moderator: Perry Carpenter
- Social Engineering Red Flags